Z-Wave Alliance Mandates New Security Requirements for IoT Devices

The Alliance Board of Directors has voted to require all devices receiving Z-Wave certification after April 2, 2017, to include the new advanced S2 framework.

FREMONT, Calif. – The Z-Wave Alliance, an open consortium of leading global companies deploying the Z-Wave smart home standard, announced the addition of a security requirement to its long-standing interoperability certification.

The new addition to the certification program will require manufacturers to adopt the strongest levels of Internet of Things (IoT) security in the industry, according to the organization. The Z-Wave Alliance Board of Directors voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after April 2, 2017. The security measures in S2 provide the most advanced security for smart home devices and controllers, gateways and hubs in the market today, according to the Alliance.

The Z-Wave Alliance, along with its Board of Directors and members, says it has been working for the past several years to develop world-class security for its devices as the IoT expands into every modern household in the United States and across the globe.

“This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously,” says Mitchell Klein, executive director, Z-Wave Alliance. “No one can afford to sit on their hands and wait – consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”

Z-Wave’s S2 framework was developed in conjunction with cybersecurity hacking experts, giving the already secure Z-Wave devices new levels of impenetrability, according to the Alliance. By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also removes the risk of devices being hacked while they are included in the network.

The Alliance says that devices are also uniquely authenticated to the network by using a QR code or PIN code on the device itself. Common hacks such as man-in-the-middle and brute force are virtually powerless against the S2 framework because it implements the industry-accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH).

Z-Wave says it also strengthened its cloud communication, enabling the tunneling of all Z-Wave over IP traffic through a secure TLS 1.1 tunnel, removing vulnerability.

Z-Wave’s technical certification program, first established in 2005 to test and certify Z-Wave devices, is administered through third-party test facilities in Europe, the U.S. and Asia. With the changes, the program will check that all S2 security solutions, which contain rules for command classes, timers and device types, are correctly implemented.
